Next-Generation Firewall Discussions

PA-410 GUI is very slow over IPsec vpn

We are deploying new PA-410,450,440 in remote location. From Head office firewall to Remote location there is an IPsec vpn.

When users from HO try to access PA-410 firewall over GUI it took 10 - 15 minutes to load. During this GUI loading data plan

...

Resolved! Palo alto contact for refund

Is there anyone that knows who to contact for purchased done on AWS.

-Palo Alto NGFW purchased on the aws market place

If you you know how to go about the refund let us know.

Thanks,

Resolved! DNAT not working

This is my topology. From 30.0.0.10 i would like to access the server 192.168.0.2 with the help of PA wan interface IP(30.0.0.1)
I have created DNAT and Security policy .

Object Prenat IP is 30.0.0.1/8 and Webserver Ip is 192.168.0.2/24,

...

Device Certificate unable renew automatically

Hi All,

Previously, the firewall PAN-PA-1420 had "Failed to renew device certificate. Invalid request. Authentication failed" until the device certificate status became Expired. This triggered an alert because the firewall couldn't establish a conn

...

XXF and building Security Policy

Hi all,

I would like to know how I would go about creating security policies based of the XFF headers please, any help would be appreciated.

I have read the documentation and I have to enable the XFF header

Select ->Device ->Setup ->Conten

...

SSL and TLS vulnerabilities

Hi Team,

We have to 2 Paloalto VM firewall running active-passive mode in AWS.

As a part of internal Pentest we go the below findings for the Active and passive firewall nodes. The result refers to SSL and TLS vulnerabilities.

Could you please suggest o

...

Resolved! Custom URL category with directories

Hi guys,

I am trying to create a custom url category to allow only these (s3.amazonaws.com/icount-pdfs

example:

https://s3.amazonaws.com/icount-pdfs/57764_25566fbb6fd6bbab6b0f35eba91bb55e.pdf?17016197031

i have tried:

s3.amazonaws.com/icount-pdf

...

PA-450 shutdown not working and device get rebooted after sometime .

Hello

I have issued the "request shutdown system" to our PA-450, but we didn't unplug the power immediately.

After 10 minutes, the system get rebooted.

Base on the KB(How to Perform a Graceful Shutdown ), the system should be in halted state,

...

Resolved! Including CVE in Threat Logs

For as long as the Palo Threat feature has been around, I can't believe this feature doesn't already exist.

Would it be possible for Palo to include the associated CVE as a field next to the ThreatID? These mapps occur outside of the Firewall as p

...

Azure SAML authentication: validate identity provider certificate. (best pratices)

Hi,

We have configured SAML on our portal and gateway. By default Microsoft generates a self signed certificate that is valid for 3 years for every Enterprise application you create.

Is this secure enough to use the default self signed one and not v

...

Cisco ASA to Palo Alto migration issue

Hi

i'm working on a new projet where will change the current Cisco ASA firewall by an Palo alto network 440 so we are using Expeditio tool to move the configuration

on the existing configuration, our customer use policy based routing to route tra

...

Resolved! QoS configuration based on destination (sub)interface on 3400 series

I am migrating a configuration from PA-3200 series device on PAN-OS 10.1 to PA-3410 where minimum version is 10.2. On migration I noticed error messages about destination interface in QoS configuration:

network -> qos -> interface -> ae3 -> regular

...

Resolved! Unable to locate PAN-OS for PA-400 series platform

Hi,

Anyone has any information if there is a pan-os for pa-400 series platform available somewhere within the portal.

Thank you

Regards

Alexander

firewall capture feature packet size Exceed interface default mtu

Customer firewall 3220, version: 10.2.4

Firewall interface mut defaults to ：1500. Jumpo function not enabled。

Question 1: When a firewall receives a TCP packet with a load of 1800 bytes (the df bit of the packet is not set),

I understand that the fir

...

someone recommend a way to create a VPN pre-login in Linux

Hello. Can someone recommend a way to create a VPN pre-login in Linux Ubuntu or Fedora? Thank you.

Discussions